
Processor attacks: the next big threat in 2018

The beginning of 2018 was dominated by headlines about Meltdown and Spectre, attacks that exploit a device’s processor in order to access resources usually restricted to the operating system.

Recent guidance from online security firm SonicWall suggests, however, that these two named attacks might just be the tip of the iceberg for so-called “processor malware attacks”.

The company has put out a new report which says it found that 500 unknown zero-day processor malware attacks occurred between December 2017 and January 2018 alone.

The report’s authors say that vulnerabilities already identified by these two attacks would likely spawn a number of imitators. “We predict the emergence of password stealers and infostealers to take advantage of Meltdown and Spectre vulnerabilities,” SonicWall warned.

In January, a survey of 514 IT professionals who used the Spiceworks community showed that one-fifth of large businesses could spend up to $500,000 (£352,000) on trying to fix Meltdown and Spectre flaws, with most IT teams needing at least 5 people to help solve problems.

It also reported that 45 per cent of organisations expect to spend more than 20 hours patching Meltdown/Spectre vulnerabilities, 26 per cent expect to spend more than 40 hours, and 16 per cent expect to spend more than 60 hours.

SonicWall’s chief technology officer, John Gmuender, said that a number of “proof of concept” attacks that his firm had encountered proved that hackers were looking more closely at these memory exploits.

Meltdown, a very broad vulnerability, works by trying to gain access to memory usually reserved for a device’s operating system. It makes use of exception-handling features, which the processor usually reserves for when it encounters something out of the ordinary, to gain access to device architectures.

While some industry observers believe the processor flaws are complex enough to limit wide-scale attacks, Gmuender expects that attacks may become as readily available as off-the-shelf toolkits for hackers.

He added that the best malware code is like weaponry: “It is the kind of code protected by custom packages and encryption. The malware allocates memory, decrypts the attack code into this memory and then marks it for execution, which it then runs.”